| As network-based economic activity grows, network security receives more attention, and intrusion detection, as an active and effective defensive measure, is increasingly valued and studied. Combining intrusion detection methods with intelligent techniques has become a hot research topic, and the development of machine learning in particular brings new ideas for improving intrusion detection methods. This article analyzes current intrusion detection systems and the advantages and disadvantages of clustering-based intrusion detection methods. Drawing on the characteristics of real network data and the design experience of earlier intrusion detection algorithms, it proposes a new intrusion detection method that uses a small amount of labeled data to guide and constrain the clustering process. First, it motivates intrusion detection by describing the hidden dangers in current network security and the shortcomings of existing defensive measures, and summarizes the current state of intrusion detection development and its open problems.
Next, it gives an overall introduction to the current state of clustering-based detection technology and summarizes the flaws of clustering methods and their future direction. Then it reviews the technical background and rationale of machine learning and introduces the semi-supervised learning method. Because clustering methods are insufficient at detecting unknown attacks and current semi-supervised clustering methods have flaws in labeling unlabeled data, this article proposes a new semi-supervised clustering intrusion detection method. The algorithm uses mixed data attributes to measure the similarity of network data, and labels the data using the voting method and then the proportion-dividing method, in that order. Finally, the author designs an experiment for the algorithm: the experimental data are sampled from the KDD Cup 99 data set, and the intrusion detection rate, the false alarm rate and the unknown attack detection rate are used as the criteria for evaluating the algorithm's performance. The algorithm analysis and experimental results show that the algorithm achieves good detection performance and detects new, unknown intrusions efficiently, and that it has certain theoretical significance and practical value. |
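The following sketch is an added example, not the author's algorithm: it illustrates the pipeline the abstract outlines (mixed-attribute similarity, clustering guided by a few labels, voting, then a proportion rule for clusters without labels). The distance formula, the leader clustering step, the `radius`, `gamma` and `min_share` values, the size-based fallback rule and the sample records are all assumptions made for illustration, since the abstract does not specify them.

```python
from collections import Counter

# Constructed records in KDD Cup 99 style (not taken from the data set):
# (duration, src_bytes, protocol_type, service, label or None if unlabeled)
RECORDS = [
    (0, 215, "tcp", "http", "normal"), (0, 230, "tcp", "http", None),
    (1, 250, "tcp", "http", None), (0, 240, "tcp", "http", "normal"),
    (0, 1032, "icmp", "ecr_i", "smurf"), (0, 1032, "icmp", "ecr_i", None),
    (0, 1032, "icmp", "ecr_i", None),
    (50, 20, "udp", "private", None), (48, 25, "udp", "private", None),
]
NUM, CAT, LABEL = (0, 1), (2, 3), 4

def scale(records):
    """Min-max scale numeric columns; pass categorical columns through."""
    lo = [min(r[i] for r in records) for i in NUM]
    hi = [max(r[i] for r in records) for i in NUM]
    return [tuple((r[i] - lo[k]) / ((hi[k] - lo[k]) or 1) for k, i in enumerate(NUM))
            + tuple(r[i] for i in CAT) for r in records]

def mixed_distance(a, b, gamma=0.5):
    """Assumed measure: squared numeric difference + gamma * categorical mismatches."""
    numeric = sum((x - y) ** 2 for x, y in zip(a[:len(NUM)], b[:len(NUM)]))
    return numeric + gamma * sum(x != y for x, y in zip(a[len(NUM):], b[len(NUM):]))

def cluster(points, radius=0.6):
    """Leader clustering: join the nearest leader within radius, else start a cluster."""
    leaders, members = [], []
    for idx, p in enumerate(points):
        dists = [mixed_distance(p, q) for q in leaders]
        if dists and min(dists) <= radius:
            members[dists.index(min(dists))].append(idx)
        else:
            leaders.append(p)
            members.append([idx])
    return members

def label_clusters(records, members, min_share=0.3):
    """Vote among labeled members; unlabeled clusters fall back to size (assumed rule)."""
    out = [None] * len(records)
    for m in members:
        votes = Counter(records[i][LABEL] for i in m if records[i][LABEL])
        fallback = "normal" if len(m) / len(records) >= min_share else "unknown_attack"
        tag = votes.most_common(1)[0][0] if votes else fallback
        for i in m:
            out[i] = tag
    return out

def detect(records):
    return label_clusters(records, cluster(scale(records)))
```

The size-based fallback rests on the common assumption that normal traffic far outnumbers attack traffic, so it misfires on floods that dominate the sample.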